FINAL ACTION

1. This action is in response to amendment filed 10/15/2009. Claims 1-22 are
pending. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g)
prior art under 35 U.S.C. 103(a).

2. Claims 1-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Graham et al. (US Patent Publication No. 2002/0178271 and Graham hereinafter) in 
view of Hearns et al. (WO 03/003242 and Hearns hereinafter). 

3. As to claim 1, Graham teaches an access control system for controlling access to
data stored on at least one data storage medium of a computing system, the access
control system comprising: authentication means to authenticate users permitted to
access data stored in the at least one data storage medium (i.e., ... teaches an end-user
client device requests a file from the content source 160, the request is received by the
proxy system, which selectively provides the requested file as a function of information
the proxy system obtains from authentication system and policy system [par. 65]);

and database means arranged to store data access profiles (i.e., 360, fig. 3); 

each data access profile being associated with a user permitted to access data 
stored in the at least one data storage medium (i.e., ... 510, fig. 5), each data access 
profile including information indicative of the degree of access permitted by a user to 
data stored in the at least one data storage medium (i.e., ... teaches the proxy system 
110 determines if the requesting user has the right to access the file [par. 66]).

Graham does not expressly teach: each data access profile including a master data 
access profile and a current data access profile, the current data access profile being 
modifiable within parameters defined by the master data access profile.

However, these features are well known in the art and would have been an obvious
modification of the system disclosed by Graham as introduced by Hearns. Hearns 
discloses: 

each data access profile including a master data access profile and a current 
data access profile, the current data access profile being modifiable within parameters 
defined by the master data access profile (to provide access profile means such that the 
profile dictates access privileges for computer resources [pg. 4, lines 15-20; 179, 
181, fig. 7E]).



Therefore, given the teachings of Hearns, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Graham by employing the well known feature of access profiles for defining access 
privileges to system resources as disclosed above by Hearns, for which controlling 
partition access will be enhanced [pg. 4, lines 15-20; 179, 181, fig. 7E]. 



4. As to claim 2, although the teachings of Graham illustrate substantial features of
the claimed invention, it does not disclose: 

An access control system further comprising profile setting means arranged to 
facilitate creation of the master and current access profiles.

However, these features are well known in the art and would have been an obvious
modification of the system disclosed by Graham as introduced by Hearns. Hearns 
discloses: 

An access control system further comprising profile setting means arranged to 
facilitate creation of the master and current access profiles (to provide access setting 
means for computer resources [179, 181, fig. 7E]).

Therefore, given the teachings of Hearns, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Graham by employing the well known feature of access profile setting for defining 
access privileges to system resources as disclosed above by Hearns, for which 
controlling partition access will be enhanced [pg. 4, lines 15-20; 179, 181, fig. 7E].

5. As to claim 3, Graham teaches an access control system where the access control
system is incorporated into a computing system having an operating system and the
master data access profile is modifiable only prior to loading of the operating system
(i.e., ... teaches a service performs internal policy consistency validation, rights
revocation, and synchronized policy updates [par. 111] Those skilled in the art would
recognize inherent to the capability to synchronize policy (i.e., ... access profiles)
updates is the ability to schedule modification of policies) ... further teaches at the time that
the DCMS server application is booted, a specified file path is checked. If there are
Plug-Ins available, then the DCMS server application loads these plug-ins, and
continues booting [par. 371]).

6. As to claim 4, Graham teaches an access control system where said control
system is activatable so as to permit modification of the current access profile and 
deactivatable so as to prevent modification of the current access profile (i.e., ... teaches 
a service performs internal policy consistency validation, rights revocation, and 
synchronized policy updates [par. 111] Those skilled in the art would recognize inherent 
to the capability to synchronize policy updates is the ability to activate and de-activate 
modification of policies (i.e., .. access profiles)). 

7. As to claim 5, Graham teaches an access control system where the access control
system is implemented at least in part in the form of software (i.e., ... teaches a system
in accordance with the present invention consists of server software running as an
application on a standard hardware configuration and client software either hooking into
or running as a process on top of the operating system on a standard hardware
configuration [par. 31]).

8. As to claim 6, Graham teaches an access control system where the access control
system is implemented at least in part in the form of hardware (i.e., ... teaches a system
in accordance with the present invention consists of server software running as an
application on a standard hardware configuration and client software either hooking into
or running as a process on top of the operating system on a standard hardware
configuration [par. 31]).

9. As to claim 7, Graham teaches an access control system where the access control
system is arranged to govern user access profiles used by a security device configured 
to control access to a data storage medium (i.e., ... teaches a proxy system interfaces 
with and maintains authentication, access and usage control and security across 
computer network utilization of content sources [par. 70]). 

10. As to claim 8, Graham teaches an access control system where the security
device is implemented at least in part in hardware and is of a type located between a 
data storage medium of a computing system and a CPU of the computing system (i.e., 
...teaches DCMS client application being stored in the host Operating System's memory 
partition in the client computer [par. 397] Those skilled in the art would recognize a CPU 
is inherent to the hardware structure of a computer). 

11. As to claim 9, Graham teaches an access control system where the security
device is implemented at least in part in hardware and is of a type incorporated into bus 
bridge circuitry of a computing system [fig. 14]. 

12. As to claim 10, Graham teaches an access control system where the access
control system is incorporated into a computing system having an operating system and
the current access profile is modifiable after loading of the operating system (i.e., ...
teaches includes a user interface, configured to facilitate creation and editing of said 
access policies and said usage policies and association of said access policies and said 
usage policies with said files [claim 6]). 

13. As to claim 11, Graham teaches a method of controlling access to data stored on
at least one data storage medium of a computing system, the method comprising the 
steps of: providing means for authenticating users permitted to access data stored in 
the at least one data storage medium (i.e., ... teaches user authentication is performed 
by an authentication system and policy management is accomplished by a policy 
system [par. 20]); 

and storing data access profiles (i.e., teaches access control policies over
managed content, such as files stored in a content source [par. 69]);

associating each data access profile one data storage medium (i.e., ... teaches 
evaluates the user/file specific policy from the METAFILES and database [par. 101]); 

each data access profile including information indicative of the degree of access 
permitted by a user to data stored in the at least one data storage medium (i.e., .. 
teaches security on both an access and usage level [par. 58]). 

Graham does not expressly teach: each data access profile including a master data 
access profile and a current data access profile, the current data access profile being 
modifiable within parameters defined by the master data access profile.

However, these features are well known in the art and would have been an obvious
modification of the system disclosed by Graham as introduced by Hearns. Hearns 
discloses: each data access profile including a master data access profile and a current 
data access profile, the current data access profile being modifiable within parameters 
defined by the master data access profile (to provide access profile means such that the 
profile dictates access privileges for computer resources [pg. 4, lines 15-20; 179, 
181, fig. 7E]). 

Therefore, given the teachings of Hearns, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Graham by employing the well known feature of access profiles for defining access 
privileges to system resources as disclosed above by Hearns, for which controlling 
partition access will be enhanced [pg. 4, lines 15-20; 179, 181, fig. 7E]. 

14. As to claim 12, although the teachings of Graham illustrate substantial features
of the claimed invention, it does not disclose: 

An access control system further comprising the step of facilitating creation of the 
master and current access profiles.

However, these features are well known in the art and would have been an obvious
modification of the system disclosed by Graham as introduced by Hearns. Hearns 
discloses: 

An access control system further comprising the step of facilitating creation of the 
master and current access profiles (to provide access setting means for computer 
resources [179, 181, fig. 7E]). 

Therefore, given the teachings of Hearns, a person having ordinary skill in the art 
at the time of the invention would have recognized the desirability and advantage of 
modifying Graham by employing the well known feature of access profile setting for 
defining access privileges to system resources as disclosed above by Hearns, for which 
controlling partition access will be enhanced [pg. 4, lines 15-20; 179, 181, fig. 7E].

15. As to claim 13, Graham teaches a method where the access control system is 
incorporated into a computing system having an operating system (i.e., ... teaches a 
server-side software modules uses many of the standard functionality of commercial 
operating systems to accomplish its normal operations [par. 72]), and the step of 
facilitating modification of the current data access profile includes the step of facilitating 
modification of the master data access profile only prior to loading of the operating 
system (i.e., ... teaches a service performs internal policy consistency validation, rights
revocation, and synchronized policy updates [par. 111] Those skilled in the art would
recognize inherent to the boot process of computer is the updating of all files) ... further
teaches at the time that the DCMS server application is booted, a specified file path is
checked. If there are Plug-Ins available, then the DCMS server application loads these 
plug-ins, and continues booting [par. 371]). 

16. As to claim 14, Graham teaches a method further including the steps of 
facilitating activation of said control system so as to permit modification of the current 
access profile and facilitating deactivation of said control system so as to prevent 
modification of the current access profile (i.e., ... teaches a service performs internal 
policy consistency validation, rights revocation, and synchronized policy updates [par. 
111] Those skilled in the art would recognize inherent to the capability to synchronize 
policy updates is the ability to activate and de-activate modification of policies (i.e., .. 
access profiles)). 

17. As to claim 15, Graham teaches a method where the access control system is 
implemented at least in part in the form of software (i.e., ... teaches a system in 
accordance with the present invention consists of server software running as an 
application on a standard hardware configuration and client software either hooking into 
or running as a process on top of the operating system on a standard hardware 
configuration [par. 31]).

18. As to claim 16, Graham teaches a method where the access control system is 
implemented at least in part in the form of hardware (i.e., ... teaches a system in
accordance with the present invention consists of server software running as an
application on a standard hardware configuration and client software either hooking into
or running as a process on top of the operating system on a standard hardware
configuration [par. 31]).

19. As to claim 17, Graham teaches a method further comprising the step of
arranging the access control system so as to govern user access profiles used by a 
security device configured to control access to a data storage medium (i.e., ... teaches a 
proxy system interfaces with and maintains authentication, access and usage control 
and security across computer network utilization of content sources [par. 70]). 

20. As to claim 18, Graham teaches a method where the security device (i.e., 
DCMS) is implemented at least in part in hardware and is of a type located between a 
data storage medium of a computing system and a CPU of the computing system (i.e., 
...teaches DCMS client application being stored in the host Operating System's memory 
partition in the client computer [par. 397] Those skilled in the art would recognize a CPU 
is inherent to the hardware structure of a computer). 

21. As to claim 19, Graham teaches a method where the security device is
implemented at least in part in hardware and is of a type incorporated into bus bridge 
circuitry of a computing system [fig. 14].

22. As to claim 20, Graham teaches a method further comprising the steps of
incorporating the access control system into a computing system having an operating 
system and facilitating modification of the current access profile after loading of the 
operating system (i.e., ... teaches includes a user interface, configured to facilitate 
creation and editing of said access policies and said usage policies and association of 
said access policies and said usage policies with said files [claim 6]). 

23. As to claim 21, Graham teaches a computer program which when loaded into a
computing system causes the computing system to operate in accordance with an 
access control system for controlling access to data stored on at least one data storage 
medium of a computing system, the access control system comprising: authentication 
means to authenticate users permitted to access data stored in the at least one data 
storage medium (i.e., ... teaches a content subsystem regulates access to files in the 
content repository through the evaluation and enforcement of authentication and access 
control policies [par. 85]); 

and database means (i.e., cache) arranged to store data access profiles (i.e., 
...teaches user shared session secrets and credentials are stored in temporary caches 
[par. 98]); 

each data access profile being associated with a user permitted to access data 
stored in the at least one data storage medium (i.e., ... teaches the authentication 
service creates credentials used to gain access to the protected content [par. 105]);

each data access profile including information indicative of the degree of access
permitted by a user to data stored in the at least one data storage medium (i.e., 
...teaches policies also state the restrictions to be placed on content if access is granted 
.... teaches enforced by the client module access restrictions further define the 
operations permitted by the user on received content [par. 173]). 

Graham does not expressly teach: each data access profile including a master data 
access profile and a current data access profile, the current data access profile being 
modifiable within parameters defined by the master data access profile. 

However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Graham as introduced by Hearns. Hearns 
discloses: 

each data access profile including a master data access profile and a current 
data access profile, the current data access profile being modifiable within parameters 
defined by the master data access profile (to provide access profile means such that the 
profile dictates access privileges for computer resources [pg. 4, lines 15-20; 179, 
181, fig. 7E]). 

Therefore, given the teachings of Hearns, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Graham by employing the well known feature of access profiles for defining access
privileges to system resources as disclosed above by Hearns, for which controlling
partition access will be enhanced [pg. 4, lines 15-20; 179, 181, fig. 7E]. 

24. As to claim 22, Graham teaches a computer useable medium having a computer 
readable program code embodied therein for causing a computer to operate in 
accordance with an access control system for controlling access to data stored on at 
least one data storage medium of a computing system, the access control system 
comprising: authentication means to authenticate users permitted to access data stored 
in the at least one data storage medium (i.e., ... teaches this authentication interface 
obtains the identity or rights proving credentials used to infer access rights [par. 127]) 
and database means arranged to store data access profiles (e.g., ... authentication 
services) (i.e., ... teaches Entity information used by authentication services is stored in 
the entity database [par. 114]); 

each data access profile being associated with a user permitted to access data 
stored in the at least one data storage medium (i.e., ... teaches the authentication 
service creates credentials used to gain access to the protected content [par. 105]); 

each data access profile including information indicative of the degree of access 
(i.e., condtype) permitted by a user to data stored in the at least one data storage 
medium (i.e., ... teaches Access Conditions (multi-valued) 564 - the access conditions 
state the conditions under which access will be allowed. Each condition consists of 
condType [par. 173; table 2]).

Graham does not expressly teach: each data access profile including a master data
access profile and a current data access profile, the current data access profile being 
modifiable within parameters defined by the master data access profile. 

However, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Graham as introduced by Hearns. Hearns 
discloses: each data access profile including a master data access profile and a current 
data access profile, the current data access profile being modifiable within parameters 
defined by the master data access profile (to provide access profile means such that the 
profile dictates access privileges for computer resources [pg. 4, lines 15-20; 179, 
181, fig. 7E]).

Therefore, given the teachings of Hearns, a person having ordinary skill in the art at the 
time of the invention would have recognized the desirability and advantage of modifying 
Graham by employing the well known feature of access profiles for defining access 
privileges to system resources as disclosed above by Hearns, for which controlling 
partition access will be enhanced [pg. 4, lines 15-20; 179, 181, fig. 7E]. 

Response to Arguments 
103 Rejection - Remarks 

With regard to applicant's remarks alleging deficiency on the part of Hearns as it 
pertains to applicant's claim limitation of, "master and current access profiles", the
Examiner respectfully submits Hearns discloses the use of a default (e.g., master) data
access profile for a user. See Hearns, paragraph 196. The default data access 
maintains one access level. In this instance, Hearns describes that all partitions are 
hidden. Additionally, the Examiner respectfully submits Hearns discloses that each new 
user is assigned the default data access profile until an administrator edits the profile to 
create a particular user profile for a selected user. See Hearns, paragraph 210. In this 
instance the newly edited user profile would be considered the current access profile. 
Hearns describes the access types in paragraphs 203-208 granted as part of the edited 
selected user profile. 

With regard to applicant's remarks of, "...Applicant respectfully traverses the 
rejection of claims herein over Graham US 2002/0178271 in view of Hearn WO 
03/003242 pursuant to 35 U.S.C. § 103. A prima facie case of obviousness of 
Applicants' claimed invention has not been established, as the cited references do not 
teach, suggest or motivate all of the features included in independent claims 1,11,21, 
and 22", the Examiner contends that the teachings of Hearns, paragraph 196, 203-208 
and 210 describe an access profile system with varying degrees of access control. Such
a system as disclosed by Hearns allows for both a more comprehensive access profile 
structure (e.g., Master) and a less comprehensive access profile structure (e.g., current) 
to be used. The less comprehensive access profile is a subset of the more 
comprehensive access profile. 

With regard to applicant's remark of "...In this case neither of the references as 
cited by the examiner teach or suggest the limitation of a master data access profile and
a current access data access profile, the current data access profile being modifiable
within parameters defined by the master data access profile, therefore, the asserted 
combination of the examiner fails, and claims 1 through 22 are not obvious", the 
Examiner contends as described above in the Examiner remarks, the teaching of 
Hearns provides the ability to have varying access profiles in such a manner that one
access profile maintains a subset of access restrictions in view of a more 
comprehensive access restriction profile. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later
than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the
3826. The examiner can normally be reached on 8:30 am - 5:30 pm Monday - Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Korzuch can be reached on (571) 272-7589. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Examiner, Art Unit 2431



/William R. Korzuch/